Subin Nakarmi

  • CyberArk Implementation Engineer
  • St. Petersburg, FL
  • Member Since Apr 14, 2023

Candidates About

 

Subin Nakarmi


Professional Summary:

·         Implementing the market's leading Privileged Access Management (PAM) solutions for enterprises.

·         Very good experience in Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balanced CyberArk PVWA and Clustered CyberArk PSM Architecture and design.

·         Configuration of multiple Privilege accounts across the organization and Administration of CyberArk.

·         Involved Upgrade on CyberArk component on various servers and Setup Privileged password management Policies for CPM component.

·         Good understanding of policies in CyberArk Central Policy Manager (CPM) and (PSM).

  • Expertise in Administration of Tivoli products like Tivoli Access Manager, Tivoli Directory server and knowledge on Tivoli Federated Identity Manager.
  • Experience in network protocols, Firewalls and Communication Network design.
  • In-depth knowledge of deploying and troubleshooting IP protocols.
  • Experience and familiar with both Windows server, Linux platform.
  • Efficient use of Microsoft VISIO as technical documentation and presentation tools.
  • Proven experience in network/hardware/operating system troubleshooting, PC assembly, system integration, technical support and customer service helpdesk.
  • Effectively plan, install, configure and optimize IT infrastructures to achieve high availability and performance.
  • Experience of working in both Windows and Linux-based IAM implementations.
  • Quick learner and experience working with production and 24x7 on call environments.

 

 


Education: Bachelor’s in computer science, Manipal University                    

 

Professional Experience:

 

Jabil, St. Petersburg, FL                                                                                                           Sep 2017 to Present

CyberArk Implementation Engineer

 

Responsibilities:

·         Led the implementation of CyberArk 9.9 with PVWA, CPM and PSM.

·         Administration experience of Cyber Ark vault with Safe creation, integration with LDAP and other authentication methods.

·         Extensively worked on PAM operational tasks, defining access control, user entitlements, management of Applications Credentials and User Access Policy.

·         Worked on Privileged Access Reviews, Compliance Reporting, Access Control Processes and other associated tasks with Privileged User Management.

·         Creating safes and adding users and groups to them for privileged access in CyberArk

·         Worked on administering of User accounts, Group memberships, and Organizational Units using Active Directory.

·         Extensive experience on Installation, configuration and troubleshooting of AIM clients for various teams.

·         Extensively worked on Application Identity manager to securely facilitate access to privileged passwords in applications or configuration files.

·         Migrate user accounts into Password Vault using Bulk upload utility.

·         Monitor CyberArk reports and respond to failed password verification alerts and work with system account owners to resolve failure alerts.

·         Ensure that all CyberArk accounts communicate with Servers and correct any discrepancies or errors that are found.

·         Create CyberArk Safe's and add system and application id's to specified Safe vaults

·         Retrieve CyberArk system/application password's and assist Database, Linux, Wintel, and Core Application Support teams when passwords are needed.

·         Performed PAM Operational tasks defining Access Control, User Entitlements, Management of Applications Credentials and User Access Policy Management.

·         Administration experience of Cyber Ark vault with Safe creation, integration with LDAP and other authentication methods

 

American Airlines, Dallas, TX                                                                                                  Nov 2015 to Sep 2017

CyberArk Security Engineer

Responsibilities:

·         Maintaining Active Directory groups and policies, Backups.

·         Developed Architecture and Design for implementing CyberArk solution in distributed environment to manage application and service credentials.

·         Experience in Privileged Access Management solutions particularly CyberArk, network security and administration.

·         Installation and configuration of CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM) and Privileged Session Manager (PSM) in Prod and DR.

·         Troubleshooting and maintenance of the Password Vault, Central Password Manager (CPM), Privileged Session Manager (PSM), Application Identity Manager(AIM), DR Vault in DR Server.

·         Configurations including AD integration and Management of Cyber Ark Enterprise Password vault.

·         Managed Safes ad Server/ host addresses in EPV. Resolved issues with CyberArk's CPM to communicate with hosts to reconcile credentials.

·         Administration experience of Cyber Ark vault with Safe creation, integration with LDAP and other authentication methods.

·         Installed, managed and troubleshot DNS in multiple zone environments. Troubleshot DNS integration with Active Directory. Installed, configured and administered WINS, DHCP, IIS and WSFTP, File and Print servers.

·         Patching & Monitoring Vault, Central Password Manager, Two-factor authentication, Privileged Session Manager, Password Vault Web Access servers and services.

·         Installed, managed and troubleshot DNS in multiple zone environments. Troubleshot DNS integration with Active Directory. Installed, configured and administered WINS, DHCP, IIS and WSFTP, File and Print servers.

·         Identifies, diagnoses, and resolves problems for users of the personal computer or laptop software and hardware.

·         Performed daily backup operations, ensuring all required file systems and system data are successfully backed up to the appropriate media, recovery tapes or disks are created, and media is recycled and sent off site as necessary.

·         Created and performed backup of policies and Rules in Firewall.

·         Provides one-on-one end-user problem resolution over the phone.

 


Ameriprise Financial, Minneapolis, MN                                                                            Jun 2014 to Oct 2015
IAM Engineer


Responsibilities:

·         Primary responsibilities include Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balanced CyberArk PVWA, Clustered CyberArk PSM and PSM SSH proxy Architecture and design. 

·         Managed and Administered all IAM and PAM technologies.

·         Configuration of multiple Privilege accounts across the organization and Administration of CyberArk. 

·         Integration of window accounts, Unix accounts, Database, Network and Security Device. 

·         Experienced in day to day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations. 

·         Implementation and create of web policies, password policies. 

·         Vault Back-up Management process, AD Configuration (User to connect AD) & Branches). 

·         Load Balancer architecture, Application Identity Manager Design, On-Demand Privileges Manager Design. 

·         Break Glass Access Management Process, Integration with other Systems (email configuration). 

·         Change Management Process Plan (OS, patch updates). 

·         Responsible for Create New User, Activate, enable user, group and OU account in Active Directory. 

·         Reconciliation, Password Synchronization, Service definition for Target System, Workflows and Integration of various target system privilege account integration. 

·         Managing User Accounts, Server Space & other Log files on servers and Maintaining Mail Accounts in Microsoft Office Outlook & Backup of Emails. 

·         Helping organization target architecture for infrastructure privileged access and the high-level requirements for the privileged access management solution. 

·         Implementing the strategy for infrastructure privileged access control in organization, and the drivers in terms of risk and regulatory control. 

·         Worked as Unix Administrator in IT infrastructure environment providing server administration, application administration and automation solutions to support business objectives

·         Configured UNIX infrastructure, and supported RHEL (Linux) 3, 4, servers.

·         Cyber-Ark as a platform for managing privileged access to infrastructure. An initial project is focusing on managing networking devices accounts. In parallel, analysis is ongoing.

 

Best Buy, Minneapolis, MN                                                                                               Mar 2013 to May 2014
CyberArk Consultant


Responsibilities:

·         Involved Installation on CyberArk component on various servers and Setup Privileged password management Policies for CPM component. 

·         OPM and AIM provider Installations on PSM and testing for Installation Qualification and Involved in AD integration and adding a user to with their privileges. 

·         Creating safes and adding users and groups to them for privileged access in CyberArk and Creation of policies and Reports in PVWA. 

·         Installation and configuration of CyberArk Private Ark client and Private Ark server and CPM, PVWA, PSM, PSMP, DR. 

·         Good understanding of policies in CyberArk Central Policy Manager (CPM) and (PSM). 

·         Resolved CyberArk issue's in CPM to communicate with a host to reconcile credentials. 

·         Prepared tickets about the issue and informed to the higher specialists. 

·         Alerting DXB Bank to suspicious activity or instances observed on their networks, such as DDoS attempts, Cross-Site Scripting, or malware infections, then providing recommendations and solutions to handle them. 

·         Provided guidance in adding, removing, change and lifecycle of Privileged Identity Management (PIM) to provide the highest quality levels of Security. 

·         Retrieved CyberArk system and application password's and assist Database, Linux, and Core Application Support teams when passwords are needed. 

·         Good knowledge in Active Directory and Involved in AD integration and adding user to with their privileges.


Verizon, Basking Ridge, NJ                                                                                                  May 2011 to Feb 2013
Tivoli Identity Manager

Responsibilities

·         Involved in Design Approach for Tivoli Identity Manager.

·         Perform and Support Configuration Changes in Development and UAT Environments, perform and support all minor changes in production environment.

·         Resolved Incidents/Requests raised by the Users related to their access issues.

·         Created various object classes and attributes which are required in development process.

·         Generated reports for TAM and Related applications.

·         Develop and support Role Based Access Control (RBAC). 

·         Created and worked on Users, Groups, junctions, ACL's, POP's.

·         Implemented UNIX host security on all servers based on industry standards.

·         Worked on problem tickets (PMRs) with IBM to find effective solutions to various problems and performance issues in Test and production environments.

·         Resolved issues in WAS and performance tuning.

·         Implementation of SSO federation using SAML Authentication.

·         Reconciliation of user accounts and adoption of user accounts to user identities.

·         Used IDI script to notify users of password expiration date.